8.3.0.9

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

hitachi

CWE-281

NVD

Published: 2022-11-02

Updated: 2023-11-07

Summary

A vulnerability in Hitachi Vantara Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 does not cascade the hidden property to the children of the Home folder. This directory listing provides an attacker with the complete index of all the resources located inside the directory.

Vulnerable Configurations

Part	Description	Count
Application	Hitachi Hitachi Vantara Pentaho 8.3.0.0 Hitachi Vantara Pentaho 8.3.0.9 Hitachi Vantara Pentaho 8.3.0.25 Hitachi Vantara Pentaho *	4

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://support.pentaho.com/hc/en-us/articles/6744813983501